
Draft: API integration for filter by validity check

🚨 DO NOT MERGE UNTIL %18.6 & BE is complete 🚨

  • This BE GraphQL MR is still WIP
  • Adding draft label to prevent accidental merge

What does this MR do and why?

Changes                                        MR
UI implementation only                         !200777 (merged)
API integration for filter by validity check   👈 This MR

References

Screenshots or screen recordings

Page      Request A: Severity   Request B: Vulnerabilities
Project   (screenshot)          (screenshot)
Group     (screenshot)          (screenshot)

Validity Checks

There are 3 possible validity checks; see https://docs.gitlab.com/user/application_security/vulnerabilities/validity_check/#validity-check-workflow

Request Query            UI Text
validityCheck=UNKNOWN    "Possibly active secret"
validityCheck=ACTIVE     "Active secret"
validityCheck=INACTIVE   "Inactive secret"

How to set up and validate locally

  1. Enable FF: http://gdk.test:3000/rails/features/advanced_vulnerability_management
  2. Enable FF: http://gdk.test:3000/rails/features/validity_check_es_filter
  3. Enable FF: http://gdk.test:3000/rails/features/validity_checks_security_finding_status
  4. Enable FF: http://gdk.test:3000/rails/features/validity_checks
  5. Clone this project: https://gitlab.com/gitlab-org/govern/threat-insights-demos/frontend/validity-checks/-/security/vulnerability_report/
  6. Run a successful pipeline
  7. Go to the vulnerability report page
  8. Filter by validity token
  9. In the network request, you'll see validityCheck being passed as an argument
  10. 🚨 Because the BE is still WIP, the report does not return the filtered result.

Please apply this patch locally so the request doesn't error out while the BE is still WIP (see: Add validity_check support to vulnerabilities G... (!205482 - merged)):

diff --git a/ee/app/graphql/resolvers/vulnerability_filterable.rb b/ee/app/graphql/resolvers/vulnerability_filterable.rb
index 3aecbaa7fe1128..3928f83d4e5bab 100644
--- a/ee/app/graphql/resolvers/vulnerability_filterable.rb
+++ b/ee/app/graphql/resolvers/vulnerability_filterable.rb
@@ -83,6 +83,7 @@ def validate_token_status!(vulnerable)
 
       return unless group
 
+      return
       # rubocop:disable Search/AvoidCheckingFinishedOnInvalidMigrations -- TODO epics/17407:
       # remove disable once backfill_token_status_in_vulnerabilities migration exists
       return if Feature.enabled?(:validity_check_es_filter, group) &&
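Review bot: the bare `return` inserted after `return unless group` unconditionally exits validate_token_status! whenever a group is present, so the `return if Feature.enabled?(:validity_check_es_filter, group) && ...` check and everything after it in the method become unreachable (RuboCop's Lint/UnreachableCode will also flag this). That means no token-status validation runs at all on that path, not just for the WIP filter. Since the description presents this only as a local workaround until !205482 lands, it must stay out of the MR's committed diff; mark it clearly as a throwaway local patch (or carry it as an uncommitted stash) rather than adding it to the branch, so it cannot be merged by accident.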

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #557871

Edited by Samantha Ming
